redline

General

Target

SecuriteInfo.com.W32.AIDetect.malware1.8119.17745
Size

301KB
Sample

210311-4lvz6rzrxj
MD5

4945a14049174b18fc91e04b65dc0dd5
SHA1

28086f5cc0b9f97014575dac95b9de5065977a83
SHA256

ea8588de894d9657daa047958ca98c5e9549ca25bc09e9df2a9c8ae044daef42
SHA512

10e478b6f5d6eb81713f92d8c25a4ee517bd5d37e5962bc16d7b9be652770d844ce537777ec0d023e83069f2de43195cfd08ca1992853d1f7bc6bb35ece3656f

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

http://10022020newfolder1002002131-service1002.space/

http://10022020newfolder1002002231-service1002.space/

http://10022020newfolder3100231-service1002.space/

http://10022020newfolder1002002431-service1002.space/

http://10022020newfolder1002002531-service1002.space/

http://10022020newfolder33417-01242510022020.space/

http://10022020test125831-service1002012510022020.space/

http://10022020test136831-service1002012510022020.space/

http://10022020test147831-service1002012510022020.space/

http://10022020test146831-service1002012510022020.space/

http://10022020test134831-service1002012510022020.space/

http://10022020est213531-service100201242510022020.ru/

http://10022020yes1t3481-service1002012510022020.ru/

http://10022020test13561-service1002012510022020.su/

http://10022020test14781-service1002012510022020.info/

http://10022020test13461-service1002012510022020.net/

http://10022020test15671-service1002012510022020.tech/

http://10022020test12671-service1002012510022020.online/

http://10022020utest1341-service1002012510022020.ru/

http://10022020uest71-service100201dom2510022020.ru/

rc4.i32

Targets

- Target
  
  SecuriteInfo.com.W32.AIDetect.malware1.8119.17745
- Size
  
  301KB
- MD5
  
  4945a14049174b18fc91e04b65dc0dd5
- SHA1
  
  28086f5cc0b9f97014575dac95b9de5065977a83
- SHA256
  
  ea8588de894d9657daa047958ca98c5e9549ca25bc09e9df2a9c8ae044daef42
- SHA512
  
  10e478b6f5d6eb81713f92d8c25a4ee517bd5d37e5962bc16d7b9be652770d844ce537777ec0d023e83069f2de43195cfd08ca1992853d1f7bc6bb35ece3656f
Score

10^/10

smokeloader backdoor persistence trojan redline discovery evasion infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateProcessExOtherParentProcess
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2